From 0526dde7f3d4089617c0f4a6a85f83e9d266c9f1 Mon Sep 17 00:00:00 2001
From: Marlena Marlenowska <stolarek.marcin@gmail.com>
Date: Thu, 14 Sep 2017 03:54:40 +0200
Subject: IDMAP: Prevent colision for explicitly defined slice.

Currently it happens for default domain, if someone configures
different ldap_idmap_default_domain_sid for two domains in
sssd.conf. There is no check preventing this in sdap_idmap.c, it's simply:
sdap_idmap_add_domain(idmap_ctx, dom_name,sid_str, 0). However, I believe
here is the best place to check it since there may be different use of
sss_idmap_calculate_ranges in the future.

Reviewed-by: Sumit Bose <sbose@redhat.com>
---
 src/lib/idmap/sss_idmap.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/lib/idmap/sss_idmap.c b/src/lib/idmap/sss_idmap.c
index 56ba904bc..57e9d3087 100644
--- a/src/lib/idmap/sss_idmap.c
+++ b/src/lib/idmap/sss_idmap.c
@@ -426,6 +426,16 @@ enum idmap_error_code sss_idmap_calculate_range(struct sss_idmap_ctx *ctx,
          * explicitly.
          */
         new_slice = *slice_num;
+        min = (rangesize * new_slice) + idmap_lower;
+        max = min + rangesize - 1;
+        for (dom = ctx->idmap_domain_info; dom != NULL; dom = dom->next) {
+                if (check_dom_overlap(&dom->range_params,min, max)) {
+                    /* This range overlaps one already registered
+                     * Fail, because the slice was manually configured
+                     */
+                    return IDMAP_COLLISION;
+                }
+        }
     } else {
         /* If slice is -1, we're being asked to pick a new slice */
 
-- 
cgit